clone/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm synced 2026-06-20 17:23:50 +02:00
Code Issues Packages Projects Releases Wiki Activity
1,040 Commits 2 Branches 33 Tags
1ea0a91ba8a8593287ec09bd97ae29d32401943d
Commit Graph

209 Commits

Author SHA1 Message Date
Pol Henarejos
3660a35c2c Implementing own functions for cvc manipulation. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-31 18:51:43 +02:00
Pol Henarejos
9132dd16f0 Fix decoding asn1 integer. 
It caused overflow.
 2022-05-31 01:14:09 +02:00
Pol Henarejos
652551269e Using own asn1 int decoder. 2022-05-31 00:40:29 +02:00
Pol Henarejos
81730f37a9 Removing sc_pkcs1_strip_digest(). 
It is hard coded here (taken from OpenSC).
 2022-05-31 00:25:54 +02:00
Pol Henarejos
4b86e96660 Removing card_context from store_keys(). 
It does not generate PRKD, as it will be stored by the client.
 2022-05-31 00:14:30 +02:00
Pol Henarejos
271240f11c Fix initializing device. 2022-05-31 00:09:21 +02:00
Pol Henarejos
00e8596a0e Adding asn1_find_tag() for searching for a tag in a asn1 string. 2022-05-30 23:31:17 +02:00
Pol Henarejos
39ab429c88 Adding key domain to key generation, wrap, unwrap, export and import. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-30 16:13:51 +02:00
Pol Henarejos
4fa8d4ba64 Fix warnings 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-27 20:58:45 +02:00
Pol Henarejos
1ac4402f99 res_APDU SHALL NOT BE moved, only memcpied or memmoved. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-27 00:58:35 +02:00
Pol Henarejos
8554262aaf Migrating away from tinyUSB. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-27 00:36:33 +02:00
Pol Henarejos
d2766b2225 Using printf instead of TU 2022-05-26 14:16:32 +02:00
Pol Henarejos
f124ee52ce Do not add FMD in FCI. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 23:31:46 +02:00
Pol Henarejos
2167d28514 Add meta files. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 22:57:59 +02:00
Pol Henarejos
80792dc555 Private/secret keys can be selected. 
It returns FCP when a private/secret key is selected but it is not allowed to read them.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 13:06:00 +02:00
Pol Henarejos
080337f847 Added key domain setup 
It accepts different dkek shares for each key domain.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 11:08:29 +02:00
Pol Henarejos
5e20c830fd Return key domain not found only when they are prepared. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 10:48:22 +02:00
Pol Henarejos
b754fdb449 Refactoring initialize command to support no dkek, random dkek, dkek shares and key domains. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 10:44:00 +02:00
Pol Henarejos
a926239613 Returning not initialized key domains. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 09:24:54 +02:00
Pol Henarejos
c80b723112 Using dynamic dkek number and current shares, for each key domain. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 09:18:35 +02:00
Pol Henarejos
a062b92dad Replacing low level data access to high level routines. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 00:30:42 +02:00
Pol Henarejos
89d40b7c94 Extending DKEK and key storage to key domains. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 00:29:19 +02:00
Pol Henarejos
7b5cb48dcc Added key domains for device initialization and dkek import. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-23 20:06:06 +02:00
Pol Henarejos
7de0121db5 Introducing MANAGE KEY DOMAIN (INS 52) 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-23 14:26:36 +02:00
Pol Henarejos
cb338af8fb Return SW 6600 when button timeouts. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 22:30:07 +02:00
Pol Henarejos
fffe2fb451 Now press-to-confirm button has a timeout of 15 secs. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 20:56:28 +02:00
Pol Henarejos
5f0b15b5e9 Fix returning wrong pin retries. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-22 19:21:41 +02:00
Pol Henarejos
302f287967 Moving EAC and crypto to core. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-19 19:16:29 +02:00
Pol Henarejos
522860f736 Splitting the core onto another repo, which can be reused by other smart applications. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-19 18:39:52 +02:00
Pol Henarejos
69e869852e Rewritten keypair_gen response (more friendly). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 19:03:33 +02:00
Pol Henarejos
618966b742 Sanity check for keypair gen. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 18:49:13 +02:00
Pol Henarejos
b68920ff45 Added walker function for TLV parsing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 16:55:34 +02:00
Pol Henarejos
9dfe0ee7b3 Clear session pin on unload and new session. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 14:25:44 +02:00
Pol Henarejos
da6c578973 Fix tag_len computation for all TLV. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 14:14:06 +02:00
Pol Henarejos
49d9ec7cf9 Session pin is randomized. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 14:12:14 +02:00
Pol Henarejos
af07f1d549 Added INS for session pin generation (needs randomization). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 19:47:43 +02:00
Pol Henarejos
db5f5fd435 When working with SM, wrap() manipulates res_APDU. Thus, we cannot change the pointer of res_APDU anymore. Everything must be memcpy-ed. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 15:11:42 +02:00
Pol Henarejos
7232625bab Merge branch 'master' into eac 2022-04-11 15:09:33 +02:00
Pol Henarejos
1557a4a039 Fix when generating keypair, which could produce wrong flash save in particular cases of concurrency. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 15:09:20 +02:00
Pol Henarejos
964af6a064 Adding wrap() to encrypt and sign response APDU. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-10 20:58:54 +02:00
Pol Henarejos
c3a93a46ba Adding unwrap(), to decrypt and verify secure APDU. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-10 20:23:36 +02:00
Pol Henarejos
57d593561a Moving all SM stuff to EAC. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-10 19:00:52 +02:00
Pol Henarejos
6c892af9f1 Adding authentication command. Not finished. Needs lot of work. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-09 23:44:45 +02:00
Pol Henarejos
b545a1618b Added Manage Security Environment command. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-09 20:50:00 +02:00
Pol Henarejos
ce4d0bf102 INS 54h is also occupied too... let's try with 64h. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-08 00:38:03 +02:00
Pol Henarejos
4e6bada892 Fix first AID load. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-08 00:29:15 +02:00
Pol Henarejos
98ad2e3d55 Fix returning card data when selected AID. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 23:32:56 +02:00
Pol Henarejos
4a57698173 Moving out INS_EXTRAS from 0x88 (taken by ISO 7816) to 0x54 (presumably free). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:32:31 +02:00
Pol Henarejos
565ea12d88 Added dynamic option to enable/disable press to confirm. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
1c7ef50568 Added custom INS (named EXTRAS) to support different extra commands. At this moment: 
- 0xA: gets/sets the datetime.
- 0x6: enables/disables press to confirm (BOOTSEL). It allows other dynamic device options. At this moment, only press to confirm option is available.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00